{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2588", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-03-21T06:32:24.166Z", "datePublished": "2025-03-21T12:00:10.758Z", "dateUpdated": "2025-03-21T17:24:55.111Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-21T12:00:10.758Z"}, "title": "Hercules Augeas fa.c re_case_expand null pointer dereference", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "Hercules", "product": "Augeas", "versions": [{"version": "1.14.1", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "In Hercules Augeas 1.14.1 wurde eine problematische Schwachstelle gefunden. Dabei geht es um die Funktion re_case_expand der Datei src/fa.c. Durch Manipulation des Arguments re mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}}], "timeline": [{"time": "2025-03-21T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-03-21T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-03-21T07:37:32.000Z", "lang": "en", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.300568", "name": "VDB-300568 | Hercules Augeas fa.c re_case_expand null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.300568", "name": "VDB-300568 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.517281", "name": "Submit #517281 | https://github.com/hercules-team/augeas augeas 1.14.1 NULL Pointer Dereference", "tags": ["third-party-advisory"]}, {"url": "https://github.com/hercules-team/augeas/issues/852", "tags": ["issue-tracking"]}, {"url": "https://github.com/hercules-team/augeas/issues/852#issue-2905999609", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"references": [{"url": "https://github.com/hercules-team/augeas/issues/852#issue-2905999609", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-21T17:24:34.308971Z", "id": "CVE-2025-2588", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-21T17:24:55.111Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2588", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-21T17:24:34.308971Z"}}}], "references": [{"url": "https://github.com/hercules-team/augeas/issues/852#issue-2905999609", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-21T17:24:50.997Z"}}], "cna": {"title": "Hercules Augeas fa.c re_case_expand null pointer dereference", "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}}], "affected": [{"vendor": "Hercules", "product": "Augeas", "versions": [{"status": "affected", "version": "1.14.1"}]}], "timeline": [{"lang": "en", "time": "2025-03-21T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-03-21T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-03-21T07:37:32.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.300568", "name": "VDB-300568 | Hercules Augeas fa.c re_case_expand null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.300568", "name": "VDB-300568 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.517281", "name": "Submit #517281 | https://github.com/hercules-team/augeas augeas 1.14.1 NULL Pointer Dereference", "tags": ["third-party-advisory"]}, {"url": "https://github.com/hercules-team/augeas/issues/852", "tags": ["issue-tracking"]}, {"url": "https://github.com/hercules-team/augeas/issues/852#issue-2905999609", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "In Hercules Augeas 1.14.1 wurde eine problematische Schwachstelle gefunden. Dabei geht es um die Funktion re_case_expand der Datei src/fa.c. Durch Manipulation des Arguments re mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-21T12:00:10.758Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2588", "state": "PUBLISHED", "dateUpdated": "2025-03-21T17:24:55.111Z", "dateReserved": "2025-03-21T06:32:24.166Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-03-21T12:00:10.758Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:augeas:augeas:1.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "79129F88-24DC-467E-9ED8-5689245CEE32", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en Hercules Augeas 1.14.1, clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a la funci\u00f3n re_case_expand del archivo src/fa.c. La manipulaci\u00f3n del argumento re provoca la desreferenciaci\u00f3n de puntero nulo. Es necesario realizar ataques locales. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."}], "id": "CVE-2025-2588", "lastModified": "2025-04-01T20:24:28.240", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-03-21T12:15:26.553", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/hercules-team/augeas/issues/852"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/hercules-team/augeas/issues/852#issue-2905999609"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.300568"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?id.300568"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.517281"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/hercules-team/augeas/issues/852#issue-2905999609"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}, {"lang": "en", "value": "CWE-476"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{"bugzilla": {"description": "augeas: Hercules Augeas fa.c re_case_expand null pointer dereference", "id": "2354159", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354159"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "(CWE-404|CWE-476)", "details": ["A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.", "A flaw was found in Hercules Augeas. This issue occurs in the re_case_expand function, defined in src/fa.c at line 4391. The fa_expand_nocase function fails to check whether the pointer is null when calling the re_case_expand function, resulting in null pointer dereference, causing the program to report segmentation fault."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-2588", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "augeas", "product_name": "Red Hat Enterprise Linux 10"}], "public_date": "2025-03-21T12:00:10Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-2588\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-2588\nhttps://github.com/hercules-team/augeas/issues/852\nhttps://github.com/hercules-team/augeas/issues/852#issue-2905999609\nhttps://vuldb.com/?ctiid.300568\nhttps://vuldb.com/?id.300568\nhttps://vuldb.com/?submit.517281"], "threat_severity": "Low"}